Malware Bytes Scan

Dave Cohen · External Since: Oct 16, 2004 Posts: 59

Just updated MalwareByte and scanned system. Getting over 400
'Trojan.Downloader' messages on files that have been on the system
forever. Avira doesn't find anything.

Victek · External Since: Dec 03, 2009 Posts: 2

> Just updated MalwareByte and scanned system. Getting over 400
> 'Trojan.Downloader' messages on files that have been on the system
> forever. Avira doesn't find anything.
..
I would trust MBAM, but if you want a second opinion install Hitman Pro
(free thirty day license) or SuperAntiSpyware. I find that AV is
notoriously unable to detect the types of malware that MBAM, SAS etc. are
designed to find/remove.

FredW · External Since: May 03, 2009 Posts: 30

This message is not archived

Rube Bumpkin · External Since: Dec 03, 2009 Posts: 3

FredW wrote:
> On Thu, 03 Dec 2009 15:54:29 -0500, Dave Cohen wrote:
>
>> Just updated MalwareByte and scanned system. Getting over 400
>> 'Trojan.Downloader' messages on files that have been on the system
>> forever. Avira doesn't find anything.
>
> Are you sure it is MBAM and not Avast?
> Wink

>
> I would wait for the next update and then scan again.
>
> In the meantime for a second opinion
> - SuperAntiSpyware (Free Edition)
> http://www.superantispyware.com/download.html
>
This was a problem with Update 3286 which was only out there for a
little while. It was replaced with 3287, then 3288.

There were several threads on the MBAM forums.

RB

FredW · External Since: May 03, 2009 Posts: 30

This message is not archived

Buffalo · External Since: Jul 19, 2007 Posts: 20

FredW wrote:
>
> Looks like the same kind of problem Avast had today.

Huh? Why did MBAM and Avast have problems around the same time?
What is the connection??
Do they share or steal each others definitions?
Buffalo

FromTheRafters · External Since: Feb 16, 2009 Posts: 78

"Dave Cohen" wrote in message

> Just updated MalwareByte and scanned system. Getting over 400
> 'Trojan.Downloader' messages on files that have been on the system
> forever. Avira doesn't find anything.

Submit one of the suspect files to Virustotal or Jotti to help ascertain
if it is a false positive.

David H. Lipman · External Since: Jul 04, 2003 Posts: 2245

From: "Buffalo"

| FredW wrote:

>> Looks like the same kind of problem Avast had today.

| Huh? Why did MBAM and Avast have problems around the same time?
| What is the connection??
| Do they share or steal each others definitions?
| Buffalo

Pure coincidence of a rash of False Positives!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Buffalo · External Since: Jul 19, 2007 Posts: 20

David H. Lipman wrote:
> From: "Buffalo"
>
>
>
>> FredW wrote:
>
>>> Looks like the same kind of problem Avast had today.
>
>> Huh? Why did MBAM and Avast have problems around the same time?
>> What is the connection??
>> Do they share or steal each others definitions?
>> Buffalo
>
>
>
> Pure coincidence of a rash of False Positives!

I really don't believe that explaination!
Buffalo

Rube Bumpkin · External Since: Dec 03, 2009 Posts: 3

FromTheRafters wrote:
> "Dave Cohen" wrote in message
>
>> Just updated MalwareByte and scanned system. Getting over 400
>> 'Trojan.Downloader' messages on files that have been on the system
>> forever. Avira doesn't find anything.
>
> Submit one of the suspect files to Virustotal or Jotti to help ascertain
> if it is a false positive.
>
>

I did that. When it came back 'negative', I checked the MBAM forums.

RB

David H. Lipman · External Since: Jul 04, 2003 Posts: 2245

From: "Buffalo"

>> Pure coincidence of a rash of False Positives!

| I really don't believe that explaination!
| Buffalo

Sorry, that's the way it is.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

FredW · External Since: May 03, 2009 Posts: 30

This message is not archived

FromTheRafters · External Since: Feb 16, 2009 Posts: 78

"Buffalo" wrote in message

>
>
> David H. Lipman wrote:
>> From: "Buffalo"
>>
>>
>>
>>> FredW wrote:
>>
>>>> Looks like the same kind of problem Avast had today.
>>
>>> Huh? Why did MBAM and Avast have problems around the same time?
>>> What is the connection??
>>> Do they share or steal each others definitions?
>>> Buffalo
>>
>>
>>
>> Pure coincidence of a rash of False Positives!
>
> I really don't believe that explaination!

If it were more than a coincidence, it would be the *same* malware being
purportedly found by each program, since you are talking about the def
files being possibly shared or stolen. For example if both entities
stole their defs from PCButts - all three would FP on the same files for
the same malware (possibly giving different malware names as a result).

FromTheRafters · External Since: Feb 16, 2009 Posts: 78

"Rube Bumpkin" wrote in message

> FromTheRafters wrote:
>> "Dave Cohen" wrote in message
>>
>>> Just updated MalwareByte and scanned system. Getting over 400
>>> 'Trojan.Downloader' messages on files that have been on the system
>>> forever. Avira doesn't find anything.
>>
>> Submit one of the suspect files to Virustotal or Jotti to help
>> ascertain if it is a false positive.
>
> I did that. When it came back 'negative', I checked the MBAM forums.

Even the best programs can and will FP - it is nice to have a
programmatical consensus available online. When online is not possible,
it is nice to have an alternative program available locally for a second
opinion.

Dave Cohen · External Since: Oct 16, 2004 Posts: 59

Dave Cohen wrote:
> Just updated MalwareByte and scanned system. Getting over 400
> 'Trojan.Downloader' messages on files that have been on the system
> forever. Avira doesn't find anything.

All is well. My 12/3 update installed 3287 and the scan indicated
problems I stated.
Today (12/4) I updated and installed 3289, full scan showed zero problems.
One curious note: I don't recall having to re-start the computer after
yesterday's update. Today I received and responded to that message.
Thanks for all your replies.

Buffalo · External Since: Jul 19, 2007 Posts: 20

David H. Lipman wrote:
> From: "Buffalo"
>
>
>>> Pure coincidence of a rash of False Positives!
>
>> I really don't believe that explanation!
>> Buffalo
>
>
> Sorry, that's the way it is.

I guess so. That kind of coincidence just throws up a red flag to me.
Thanks for the response.
Buffalo

Leonard Agoado · External Since: Jul 22, 2006 Posts: 5

"FromTheRafters" wrote

> For example if both entities stole their defs from
> PCButts - all three would FP on the same files for the same malware...

FTR,

Do you imagine, in the scenario described above, either entity
functioning well enough to make it to that point?

Regards,

Len Agoado
agoado.TakeThisOut@msn.com

David H. Lipman · External Since: Jul 04, 2003 Posts: 2245

From: "Buffalo"

| David H. Lipman wrote:
>> From: "Buffalo"

>>>> Pure coincidence of a rash of False Positives!

>>> I really don't believe that explanation!
>>> Buffalo

>> Sorry, that's the way it is.

| I guess so. That kind of coincidence just throws up a red flag to me.
| Thanks for the response.
| Buffalo

I understand.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

FromTheRafters · External Since: Feb 16, 2009 Posts: 78

"Leonard Agoado" wrote in message

>
> "FromTheRafters" wrote
>
>
>> For example if both entities stole their defs from
>> PCButts - all three would FP on the same files for the same
>> malware...
>
>
> FTR,
>
> Do you imagine, in the scenario described above, either entity
> functioning well enough to make it to that point?

Of course, virus (or malware) description language is not a programming
language.

Surprised

D

Butt's programs work reasonably well even though the data files
describing the malware are stolen from the actual people doing the
research to create them (the "engines" consuming that data are probably
stolen as well, by this has not been demonstrated as well as the other
aspect has).

If you recall the "other" thieves (from China?) - they actually gave the
same malware name (marker) in the alert, probably because the engine
(maybe even the GUI) is stolen as well.

FromTheRafters · External Since: Feb 16, 2009 Posts: 78

"Dave Cohen" wrote in message

> Dave Cohen wrote:
>> Just updated MalwareByte and scanned system. Getting over 400
>> 'Trojan.Downloader' messages on files that have been on the system
>> forever. Avira doesn't find anything.
>
> All is well. My 12/3 update installed 3287 and the scan indicated
> problems I stated.
> Today (12/4) I updated and installed 3289, full scan showed zero
> problems.
> One curious note: I don't recall having to re-start the computer after
> yesterday's update. Today I received and responded to that message.
> Thanks for all your replies.

Often, that is indicative of a program update as opposed to just a
definitions update. I'm not sure if Malwarebyte's Anti-Malware shares
this nature so familiar with the AV programs.